July 31, 2015
A security vector was found, called StageFright, sent through a malicious video, and gives the attacker access to your device, including storage rights, microphone access, and copying data such as passwords. Because the default action of Hangouts and Android’s stock SMS app was to pre-fetch the videos (thereby processing them ahead of time for you), you could be vulnerable without even knowing it.
It was blogged about several times, here are just a few:
If you’re on Android and use Hangouts for SMS/MMS, follow these steps to protect yourself from the Android security bug about prefetching MMS:
- In Hangouts, tap on the top left icon (the horizontal lines)
- go into Settings
- pick “SMS” at the bottom of the list
- Scroll down and look for the setting that says “Auto retrieve MMS” and remove the checkmark.
In the stock Android SMS app, a similar setting can be found here: Settings –> Advanced –> Auto-retrieve